CVE-2025-61549

Cross-Site Scripting XSS is present on the LoginID parameter on the /PSP/app/web/reg/regdisplay.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 fixed in 19.76. Unsanitized user input is reflected in HTTP responses without proper HTML encoding or escaping. This allows...

CVE-2025-61550

Cross-Site Scripting XSS is present on the ctl00Content01fieldValue parameters on the /psp/appNet/TemplateOrder/TemplatePreview.aspx endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 fixed in 19.69. User-supplied input is stored and later rendered in HTML pages without prope...

CVE-2026-22233

Issue overview : OPEXUS eCASE Audit is vulnerable to a stored XSS when an authenticated user saves JavaScript in the Estimated Staff Hours field. When another user visits the Project Cost tab, the injected script executes in their browser. Affected software/versions : OPEXUS eCASE Audit (versions...

CVE-2026-22233 OPEXUS eCASE Audit Project Cost stored XSS

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0...

CVE-2026-22233 OPEXUS eCASE Audit Project Cost stored XSS

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript as a comment in the "Estimated Staff Hours" field. The JavaScript is executed whenever another user visits the Project Cost tab. Fixed in OPEXUS eCASE Audit 11.14.2.0...

CVE-2026-22232

OPEXUS eCASE Audit contains a stored cross-site scripting vulnerability in the Project Setup function. An authenticated attacker can save JavaScript in the “A or SIC Number” field, which is then executed when another user views the project. This affects the eCASE Audit component prior to version ...

CVE-2026-22232 OPEXUS eCASE Audit Project Setup stored XSS

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the "A or SIC Number" field within the Project Setup functionality. The JavaScript is executed whenever another user views the project. Fixed in OPEXUS eCASE Audit 11.14.2.0...

CVE-2026-22232 OPEXUS eCASE Audit Project Setup stored XSS

OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the "A or SIC Number" field within the Project Setup functionality. The JavaScript is executed whenever another user views the project. Fixed in OPEXUS eCASE Audit 11.14.2.0...

CVE-2026-22231

OPEXUS eCASE Audit is affected by a stored XSS in the Document Check Out comments. An authenticated attacker can save JavaScript as a comment, which is executed when another user views the Action History Log. Affected product: OPEXUS eCASE Audit (server-side application). Root cause: stored JavaS...

OPEXUS eCASE

RISK EVALUATION OPEXUS eCASE Audit contains multiple vulnerabilities. An authenticated attacker could bypass authorization or inject JavaScript that could be executed in the context of other users. 2. RECOMMENDED PRACTICES Update to eCase Audit v11.14.2.0 and eCase Platform v11.14.1.0. 3...

UBUNTU-CVE-2025-67858

A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to nft. This issue affects Foomuuri: from ? before 0.31...

CVE-2025-67858 A crafted "interface" input parameter can lead to integrity loss of the firewall configuration

A Improper Neutralization of Argument Delimiters vulnerability in Foomuuri can lead to integrity loss of the firewall configuration or further unspecified impact by manipulating the JSON configuration passed to nft. This issue affects Foomuuri: from ? before 0.31...

CVE-2026-22028

Preact, a lightweight web development framework, JSON serialization protection to prevent Virtual DOM elements from being constructed from arbitrary JSON. A regression introduced in Preact 10.26.5 caused this protection to be softened. In applications where values from JSON payloads are assumed t...

CVE-2025-14984

The Gutenverse Form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG file upload in all versions up to, and including, 2.3.2. This is due to the plugin's framework component adding SVG to the allowed MIME types via the uploadmimes filter without implementing any...

CVE-2026-21871 NiceGUI is vulnerable to XSS via Unescaped URL in ui.navigate.history.push() / replace()

NiceGUI is a Python-based UI framework. From versions 2.13.0 to 3.4.1, there is a XSS risk in NiceGUI when developers pass attacker-controlled strings into ui.navigate.history.push or ui.navigate.history.replace. These helpers are documented as History API wrappers for updating the browser URL...

CVE-2019-25277

FaceSentry Access Control System 6.4.8 contains a cross-site scripting vulnerability in the 'msg' parameter of pluginInstall.php that allows attackers to inject malicious scripts. Attackers can exploit the unvalidated input to execute arbitrary JavaScript in victim browsers, potentially stealing...

PT-2026-1899

Name of the Vulnerable Software and Affected Versions ThemeGoods Grand Restaurant versions prior to 7.0.9 Description The software contains a flaw due to improper neutralization of input during web page generation, leading to a Reflected Cross-site Scripting XSS condition. This allows an attacker...

OPEXUS eCASE Audit 安全漏洞

OPEXUS eCASE Audit is an audit management software from OPEXUS USA. A security vulnerability exists in OPEXUS eCASE Audit that originates from an authenticated attacker being able to save JavaScript in the Document Check Out feature, which could lead to cross-site scripting attacks...

PT-2026-2174

Name of the Vulnerable Software and Affected Versions OPEXUS eCASE Audit versions prior to 11.14.2.0 Description OPEXUS eCASE Audit allows an authenticated attacker to save JavaScript in the “A or SIC Number” field within the Project Setup functionality. This JavaScript is executed when another...

CVE-2025-61549

Cross-Site Scripting XSS is present on the LoginID parameter on the /PSP/app/web/reg/regdisplay.asp endpoint in edu Business Solutions Print Shop Pro WebDesk version 18.34 fixed in 19.76. Unsanitized user input is reflected in HTTP responses without proper HTML encoding or escaping. This allows...